NetSupport Manager Client Spoofing Remote Authentication Bypass
Critical Nessus Plugin ID 26071
SynopsisThe remote Windows host has a program that is prone to an authentication bypass attack.
DescriptionNetSupport Manager (NSM), a multi-platform remote control application, is installed on the remote host.
According to its version, the NetSupport Manager client component on the remote host does not properly handle authentication sessions. A remote attacker may be able to leverage this issue to pose as the NetSupport Manager, associate to the NSM client, and gain complete control of the affected system.
SolutionUpgrade to NetSupport Manager version 10.20.0004 or later.